On June 19, 2017, researchers of a security company outside China discovered an elevation of privilege vulnerability in Unix operating systems (including Linux, OpenBSD, and FreeBSD). This vulnerability enables attackers to obtain the root privilege by running code. It affects almost all Linux systems.

Alibaba Cloud Security reminds you to follow up and install patches in time to prevent elevation of privilege attacks initiated by exploiting this vulnerability.

See the following for more information about the vulnerability.

CVE identifier

CVE-2017-1000364

CVE-2017-1000366

Vulnerability name

Linux Kernel Stack Clash security vulnerability

Vulnerability rating

Important

Vulnerability description

This vulnerability is triggered by a stack collision in operating system memory management, and affects Linux, FreeBSD, OpenBSD, NetBSD, Solaris, i386, and AMD64. Attackers can exploit this vulnerability to damage the memory and run any code on a target system to elevate their common privilege to the root privilege.